Google expects to help users combat e-mail fraud and identity theft with the new feature. This alert may be activated, for instance, when a login appears to come from one country just a few hours after a login from another country.
Pavni Diwanji, Engineering Director for Gmail, described the following scenario in a post on the Official Gmail Blog. “A few weeks ago, I got an email presumably from a friend stuck in London asking for some money to help him out. It turned out that the email was sent by a scammer who had hijacked my friend’s account.”
Gmail already provides information at the bottom of the in-box displaying the time of the last activity on the account and whether it is still open in another location. But people often do not bother to check that information, Will Cathcart, a Gmail product manager, said in an interview on Wednesday.
So now Google is taking the extra precaution of displaying a warning to users in the form of a big banner that says “warning your acct was accessed from…” and which specifies a geographic region where the account was accessed when unusual activity was detected.
“For example, if you always log in from the same country and all of a sudden there is a log in from halfway around the world” that is suspicious, Cathcart said. Or, if the system detects that one particular IP address is accessing numerous accounts and changing passwords for them, that would trigger warnings for affected accounts, he said.
Gmail will give users details about suspicious activity, such as the browser used, IP address, and date and time of recent account log-ins. (Credit: Google)
Many small and medium sized businesses — as well as an increasing number of larger companies — depend on the Web-based Gmail as their primary source of messaging platform. Recently, a sharp rise in socially-engineered attacks and identity theft make Gmail account compromises a quickly growing concern.
Naturally, the company’s automated system uses IP addresses to map log-ins to general locations.
The warning will also include a “details” link that takes your Gmail’s existing account activity screen, showing you a complete list of recent log-ins. If you think your account has been compromised, you can change your password from the same screen.
The new Google concept tracks certain criteria and considers a range of user behaviors to try to identify activity which should raise red flags. Diwanji explains “To determine when to display this message, our automated system matches the relevant IP address, logged per the Gmail privacy policy, to a broad geographical location. While we do not have the capability to determine the specific location from which an account is accessed, a login appearing to come from one country and occurring a few hours after a login from another country may trigger an alert.”
Diwanji summed up by reminding users to “Keep in mind that these notifications are meant to alert you of suspicious activity but are not a replacement for account security best practices.”
After receiving the warning banner, clicking on the “details” link will show the location where the account is currently being accessed from, but it also lists the “Recent activity,” which indicates the previous browsing sessions, as well as whether they were from a browser, a mobile device, a POP3 client, and so on. Users can change their password from that window.
The new features are certainly beneficial and it certainly looks like Gmail has been focusing more on security lately. The attacks on several Gmail accounts that were cited as part of the reason behind the decision to drop censorship in China may also have something to do with the emphasis on security. Of course, the warning messages just introduced can be easily avoided by a hacker using a proxy or any other means of concealing their actual location. Gmail has also recently introduced secure HTTPS connections for all web access by default.
More detailed information about the warning system is available on the Gmail blog.